| From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <mha(at)sollentuna(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Is "trust" really a good default? |
| Date: | 2004-07-13 01:45:23 |
| Message-ID: | 40F33EB3.2010208@familyhealth.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> No, but none of the others are better. See previous discussions in the
> archives. I don't think the situation has changed any since the last
> time we hashed this out.
I'll chime in from the phpPgAdmin point of view. The thing with
phpPgAdmin is that it breaks the 'localhost' access is safe rule that
the existing trust stuff assumes. This is because the most common setup
is Apache and PostgreSQL on the same machine.
The situation got SO BAD with being able to just Google for 'phpPgAdmin
Login' and then just log straight in as 'pgsql' and no password that
since version 3.2 or so we have had "extra login security". That means
that by default in phpPgAdmin we disallow any login as the 'pgsql',
'postgres', 'root', or 'administrator' users, and you cannot log into
any account without a password.
This has fixed the problem greatly, however we get heaps of people who
cannot understand why they cannot log in. Those are the people we save
from themselves.
I think that pg_hba.conf should have md5 on all by default, and the -W
initdb parameter should be required.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2004-07-13 01:46:42 | Re: Is "trust" really a good default? |
| Previous Message | Marc G. Fournier | 2004-07-13 01:44:51 | Re: Anoncvs down? |